Just Another Brick in the Wall

17/07/2018 Daniela Previtali

"Bricking” is a widely used term describing an electronic device, such as a smartphone, game console, router, or tablet computer that has been rendered useless due to severe physical damage, a serious misconfiguration, corrupted firmware, or a hardware problem.

Techpedia explains that bricking can occur for a number of reasons. The most common occurrence is when an attempt to update firmware of the device is interrupted by a power outage, user intervention or some other disruption that stops the update process, which inadvertently causes the existing firmware to be overwritten and rendered useless. Bricking can also be caused by the introduction of malicious or incompatible software, such as when firmware intended for a different hardware version of the device is installed.

In some cases, however, it has been speculated that electronics manufacturers may integrate software that intentionally bricks a device as a way of penalizing users who unlock their device for unauthorized use. For example, a recent report from Vice notes that Apple’s recent iOS 11.3 update appears to be bricking iPhone 8 units with screens provided by third party repair shops. It is assumed that the bricking is an attempt to discourage use of third-parties for repairs, which may be a more convenient or less expensive solution for a user than going through an Apple dealer.

More recently, software updates for the popular Nintendo Switch gaming console are said to have included code that appear to be bricking consoles that are illegally using third-party accessories. The speculation suggests that Nintendo is trying to stop users from exploiting the Switch with hacks to make it run software other than intended. Nintendo later issued a statement recommending that Switch owners should only buy officially licensed Switch products as others don’t undergo Nintendo’s rigorous testing and evaluation process.

From an end user standpoint, bricking is a tough lesson learned, whether the root cause be an inadvertent occurrence or an intentional act, and an approach not to be taken lightly should an ISV find an enterprise customer using their software illegally. There may be many reasons why an end user organization may be inadvertently using unlicensed copies of software – they may not have the internal resources to adequately monitor software downloaded on end user computers for licensing compliance; end users may bring their own devices with illegal software installed; or network managers simply don’t completely understand the licensing policies of the ISV. On the other hand, there are those who outright pirate software without regard for legal consequences or monetary damages to the ISV.

Either way, short of bricking, it behooves an ISV to have the ability to lock down a license if an appropriate or illegal use of the software is detected. Here are a few scenarios where an ISV would want the capability to lockdown their software:

A hacker is attacking the software in the background with plenty of time for reverse engineering. The ISV can integrate mechanisms to identify the attempted hack and put a limit on the number of recognizable attempts the hacker can try before locking down the software.

A dongle containing a valid license may be lost or stolen, or the customer is attempting to mislead the ISV to get a new license for free. In that case, the ISV can lock down the original license associated with the dongle before shipping a new one.

A software installed license is no longer accessible, whether the PC was undergoing maintenance and the user could not disable the license before the maintenance, or the customer is simply vying for a new license to install on another computer. The original license can be locked down before issuing a new license and rendering the original license invalid in case it gets “discovered” again.

There are many ways ISVs can manage license entitlements and take action when necessary, short of bricking the computer at any sign of irregularity. This one hour on-demand webinar, Setting Licenses Free vs. Locking The Down, will take you through the various scenarios and action steps that are available with the CodeMeter protection and licensing platform.